cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-43916,https://securityvulnerability.io/vulnerability/CVE-2022-43916,Network Egress Vulnerability in IBM App Connect Enterprise Certified Container,A network egress vulnerability exists in IBM App Connect Enterprise Certified Container that allows Pods utilized for internal infrastructure to access egress traffic without proper restrictions. This could potentially expose sensitive data and allow unauthorized external communication from the internal network environment. Organizations are advised to implement security measures to limit network access and mitigate potential risks associated with this vulnerability.,IBM,App Connect Enterprise Certified Container,6.8,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-30T12:04:47.259Z,0
CVE-2024-49338,https://securityvulnerability.io/vulnerability/CVE-2024-49338,Privilege Escalation in IBM App Connect Enterprise Affecting Certain Versions,A vulnerability in IBM App Connect Enterprise versions 12.0.1.0 to 12.0.7.0 and 13.0.1.0 allows a privileged user to potentially gain unauthorized access to JMS credentials under specific configurations. This exposure could lead to further exploitation within secure environments. Organizations using the affected versions are advised to review their configurations and implement necessary security measures.,IBM,App Connect Enterprise,4.4,MEDIUM,0.0004900000058114529,false,,false,false,false,,false,false,false,,2025-01-18T15:00:16.148Z,0
CVE-2022-22491,https://securityvulnerability.io/vulnerability/CVE-2022-22491,File System Write Vulnerability in IBM App Connect Enterprise Certified Container,"IBM App Connect Enterprise Certified Container versions running on Red Hat OpenShift are vulnerable to a file system write issue. This weakness allows unrestricted write access to the local filesystem. As a consequence, it can lead to exhaustion of available storage within a Pod. When the storage limit is reached, the affected Pod may be restarted, which can disrupt services relying on it. Organizations should evaluate their deployment configurations and consider implementing restrictions to mitigate this vulnerability.",IBM,App Connect Enterprise Certified Container,5.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-09T14:11:28.233Z,0
CVE-2022-43915,https://securityvulnerability.io/vulnerability/CVE-2022-43915,Running Pods Allow Elevated User Privileges,"IBM App Connect Enterprise Certified Container versions are vulnerable to privilege escalation due to inadequate limitations on calls to unshare in running Pods. This allows users with privileged access to execute unauthorized commands, potentially elevating their privileges within the containerized environment. Attackers could exploit this weakness to gain additional access and control over system resources, presenting risks to data integrity and system security. Organizations utilizing affected versions should implement necessary security measures to mitigate potential threats and ensure the integrity of their deployment.",IBM,App Connect Enterprise Certified Container,8.1,HIGH,0.0004900000058114529,false,,false,false,false,,,false,false,,2024-08-24T11:22:02.059Z,0
CVE-2024-31895,https://securityvulnerability.io/vulnerability/CVE-2024-31895,IBM App Connect Enterprise Vulnerability: Authenticated User Access to Sensitive User Information via Expired Access Token,IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token. IBM X-Force ID: 288176.,IBM,App Connect Enterprise,6.5,MEDIUM,0.0005099999834783375,false,,false,false,false,,,false,false,,2024-05-22T20:15:00.000Z,0
CVE-2024-31894,https://securityvulnerability.io/vulnerability/CVE-2024-31894,IBM App Connect Enterprise information disclosure,IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token. IBM X-Force ID: 288175.,IBM,App Connect Enterprise,4.3,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-05-22T20:15:00.000Z,0
CVE-2024-31904,https://securityvulnerability.io/vulnerability/CVE-2024-31904,Denial of Service Vulnerability in IBM App Connect Enterprise,"A vulnerability in IBM App Connect Enterprise allows an authenticated user to trigger a denial of service condition through an uncaught exception. This issue affects integration nodes in versions 11.0.0.1 to 11.0.0.25 and 12.0.1.0 to 12.0.12.0, potentially disrupting service availability. For further details, refer to IBM's support page and the IBM X-Force Exchange.",IBM,App Connect Enterprise,6.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-05-22T19:15:00.000Z,0
CVE-2024-31893,https://securityvulnerability.io/vulnerability/CVE-2024-31893,Sensitive Information Disclosure in IBM App Connect Enterprise,"IBM App Connect Enterprise versions 12.0.1.0 through 12.0.12.1 are susceptible to a security flaw that allows authenticated users to retrieve sensitive calendar information even when utilizing expired access tokens. This vulnerability could be exploited to unjustly access confidential data, thereby posing a significant risk to user privacy and data integrity.",IBM,App Connect Enterprise,4.3,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-05-22T19:15:00.000Z,0
CVE-2024-28761,https://securityvulnerability.io/vulnerability/CVE-2024-28761,IBM App Connect Enterprise Vulnerable to HTML Injection,"IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 285245.",IBM,App Connect Enterprise,5.4,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-05-14T15:14:00.000Z,0
CVE-2024-28760,https://securityvulnerability.io/vulnerability/CVE-2024-28760,IBM App Connect Enterprise Vulnerable to Denial of Service Due to Improper Resource Allocation,IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 dashboard is vulnerable to a denial of service due to improper restrictions of resource allocation. IBM X-Force ID: 285244.,IBM,App Connect Enterprise,4.3,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-05-14T15:14:00.000Z,0
CVE-2024-22356,https://securityvulnerability.io/vulnerability/CVE-2024-22356,IBM App Connect Enterprise Vulnerability: Sensitive Information in Log Files,"IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.9.0 and IBM Integration Bus for z/OS 10.1 through 10.1.0.2 store potentially sensitive information in log or trace files that could be read by a privileged user. IBM X-Force ID: 280893.",IBM,"App Connect Enterprise,Integration Bus",4.9,MEDIUM,0.0005099999834783375,false,,false,false,false,,,false,false,,2024-03-26T14:12:18.122Z,0
CVE-2024-22317,https://securityvulnerability.io/vulnerability/CVE-2024-22317,IBM App Connect Enterprise denial of service,"IBM App Connect Enterprise versions 11.0.0.1 through 11.0.0.24 and 12.0.1.0 through 12.0.11.0 have a vulnerability that exposes the product to remote attacks due to improper handling of excessive authentication attempts. This vulnerability can potentially lead to the unauthorized disclosure of sensitive information or denial of service, posing significant security risks for organizations utilizing these versions. Organizations are advised to apply relevant security updates to mitigate these vulnerabilities and enhance the protection of their systems.",IBM,App Connect Enterprise,9.1,CRITICAL,0.001509999972768128,false,,false,false,false,,,false,false,,2024-01-18T13:16:34.298Z,0
CVE-2023-45176,https://securityvulnerability.io/vulnerability/CVE-2023-45176,IBM App Connect Enterprise and IBM Integration Bus denial of service,"IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.10.0 and IBM Integration Bus 10.1 through 10.1.0.1 are vulnerable to a denial of service for integration nodes on Windows. IBM X-Force ID: 247998.",IBM,"App Connect Enterprise,Integration Bus",6.2,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2023-10-14T16:15:00.000Z,0
CVE-2023-40682,https://securityvulnerability.io/vulnerability/CVE-2023-40682,IBM App Connect Enterprise information disclosure,IBM App Connect Enterprise 12.0.1.0 through 12.0.8.0 contains an unspecified vulnerability that could allow a local privileged user to obtain sensitive information from API logs. IBM X-Force ID: 263833.,IBM,App Connect Enterprise,4.4,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-10-13T16:15:00.000Z,0
CVE-2022-43874,https://securityvulnerability.io/vulnerability/CVE-2022-43874,IBM App Connect Enterprise Certified Container,"IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, 6.2, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 239963.",IBM,App Connect Enterprise Certified Container,6.1,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2023-03-15T17:20:24.972Z,0
CVE-2022-42444,https://securityvulnerability.io/vulnerability/CVE-2022-42444,IBM App Connect Enterprise denial of service,IBM App Connect Enterprise 11.0.0.8 through 11.0.0.19 and 12.0.1.0 through 12.0.5.0 is vulnerable to a buffer overflow. A remote privileged user could overflow a buffer and cause the application to crash. IBM X-Force ID: 238538.,IBM,App Connect Enterprise,4.9,MEDIUM,0.001069999998435378,false,,false,false,false,,,false,false,,2023-02-12T04:15:00.000Z,0
CVE-2022-42439,https://securityvulnerability.io/vulnerability/CVE-2022-42439,IBM App Connect Enterprise information disclosure,IBM App Connect Enterprise 11.0.0.17 through 11.0.0.19 and 12.0.4.0 and 12.0.5.0 contains an unspecified vulnerability in the Discovery Connector nodes which may cause a 3rd party system’s credentials to be exposed to a privileged attacker. IBM X-Force ID: 238211.,IBM,App Connect Enterprise,6.8,MEDIUM,0.0005600000149570405,false,,false,false,false,,,false,false,,2023-02-06T20:25:26.204Z,0
CVE-2022-43922,https://securityvulnerability.io/vulnerability/CVE-2022-43922,IBM App Connect Enterprise Certified Container information disclosure,"IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, and 6.2 could disclose sensitive information to an attacker due to a weak hash of an API Key in the configuration. IBM X-Force ID: 241583.",IBM,App Connect Enterprise Certified Container,5.3,MEDIUM,0.0005600000149570405,false,,false,false,false,,,false,false,,2023-02-01T17:32:29.171Z,0
CVE-2022-31770,https://securityvulnerability.io/vulnerability/CVE-2022-31770,Denial of Service in IBM App Connect Enterprise Certified Container,"IBM App Connect Enterprise Certified Container 4.2 contains a vulnerability that allows an authenticated user with access to the administration console to create a specially crafted request. This can cause a denial of service, disrupting the availability of the application. Organizations utilizing this software must ensure proper access controls are in place to mitigate risks associated with this vulnerability.",IBM,App Connect Enterprise Certified Container,4.9,MEDIUM,0.0007600000244565308,false,,false,false,false,,,false,false,,2022-07-04T00:00:00.000Z,0
CVE-2022-22404,https://securityvulnerability.io/vulnerability/CVE-2022-22404,Denial of Service Vulnerability in IBM App Connect Enterprise Certified Container Dashboard UI,"The IBM App Connect Enterprise Certified Container Dashboard UI is susceptible to a denial of service (DoS) attack due to inadequate rate limiting mechanisms. This flaw could be exploited by attackers to overwhelm the system, resulting in service outages and diminished availability. It is critical for organizations using affected versions to implement appropriate safeguards to mitigate potential impacts on their operations.",IBM,App Connect Enterprise Certified Container,6.5,MEDIUM,0.0007600000244565308,false,,false,false,false,,,false,false,,2022-03-31T00:00:00.000Z,0
CVE-2021-29906,https://securityvulnerability.io/vulnerability/CVE-2021-29906,Information Disclosure Vulnerability in IBM App Connect Enterprise Certified Container,"The IBM App Connect Enterprise Certified Container version range 1.0 to 1.5 is prone to an information disclosure vulnerability. When configured with an IBM Cloud API key for connecting to various cloud-based connectors, it may inadvertently expose sensitive information to local users. It is crucial for organizations relying on this product to assess their configurations to prevent unintended data leaks and ensure robust security measures are in place to protect sensitive information.",IBM,App Connect Enterprise Certified Container,5.1,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2021-10-08T18:15:00.000Z,0
CVE-2021-29759,https://securityvulnerability.io/vulnerability/CVE-2021-29759,,"IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, and 1.3 could allow a privileged user to obtain sensitive information from internal log files. IBM X-Force ID: 202212.",IBM,App Connect Enterprise Certified Container,4.4,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2021-07-07T17:15:00.000Z,0
CVE-2020-4785,https://securityvulnerability.io/vulnerability/CVE-2020-4785,,"IBM App Connect Enterprise Certified Container 1.0.0, 1.0.1, 1.0.2, 1.0.3, and 1.0.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 189219.",IBM,App Connect Enterprise Certified Container,5.4,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2020-11-03T14:15:00.000Z,0